4.3
CVE-2012-3714
- EPSS 0.93%
- Veröffentlicht 20.09.2012 21:55:02
- Zuletzt bearbeitet 16.06.2026 23:43:47
- Quelle product-security@apple.com
- CVE-Watchlists
- Unerledigt
The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.93% | 0.557 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
http://support.apple.com/kb/HT5502
http://osvdb.org/85653
http://www.securityfocus.com/bid/55625
https://exchange.xforce.ibmcloud.com/vulnerabilities/78681